research-article

DARPT: defense against remote physical attack based on TDC in multi-tenant scenario

Authors:

Kui RenAuthors Info & Claims

DAC '22: Proceedings of the 59th ACM/IEEE Design Automation Conference

Pages 559 - 564

https://doi.org/10.1145/3489517.3530494

Published: 23 August 2022 Publication History

Abstract

With rapidly increasing demands for cloud computing, Field Programmable Gate Array (FPGA) has become popular in cloud datacenters. Although it improves computing performance through flexible hardware acceleration, new security concerns also come along. For example, unavoidable physical leakage from the Power Distribution Network (PDN) can be utilized by attackers to mount remote Side-Channel Attacks (SCA), such as Correlation Power Attacks (CPA). Remote Fault Attacks (FA) can also be successfully presented by malicious tenants in a cloud multi-tenant scenario, posing a significant threat to legal tenants. There are few hardware-based countermeasures to defeat both remote attacks that aforementioned. In this work, we exploit Time-to-Digital Converter (TDC) and propose a novel defense technique called DARPT (Defense Against Remote Physical attack based on TDC) to protect sensitive information from CPA and FA. Specifically, DARPT produces random clock jitters to reduce possible information leakage through the power side-channel and provides an early warning of FA by constantly monitoring the variation of the voltage drop across PDN. In comparison to the fact that 8k traces are enough for a successful CPA on FPGA without DARPT, our experimental results show that up to 800k traces (100 times) are not enough for the same FPGA protected by DARPT. Meanwhile, the TDC-based voltage monitor presents significant readout changes (by 51.82% or larger) under FA with ring oscillators, demonstrating sufficient sensitivities to voltage-drop-based FA.

References

[1]

AWS. 2021. Amazon Web Services. Retrieved 2021-10-30 from https://github.com/aws/aws-fpga/blob/master/ERRATA.md

[2]

Anuj Dubey, Rosario Cammarota, and Aydin Aysu. 2020. BoMaNet: Boolean masking of an entire neural network. In 2020 IEEE/ACM International Conference On Computer Aided Design (ICCAD). IEEE, 1--9.

Digital Library

[3]

TR Haarman. 2020. Analysing countermeasures against fault injection attacks on FPGA based cryptographic implementations. B.S. thesis. University of Twente.

[4]

Ruben Lumbiarres-Lopez, Mariano Lopez-Garcia, and Enrique Canto-Navarro. 2016. Hardware architecture implemented on FPGA for protecting cryptographic keys against side-channel attacks. IEEE Transactions on Dependable and Secure Computing 15, 5 (2016), 898--905.

[5]

Dina Mahmoud and Mirjana Stojilović. 2019. Timing violation induced faults in multi-tenant FPGAs. In 2019 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 1745--1750.

[6]

Maamar Ouladj and Sylvain Guilley. 2021. Side-Channel Analysis of Embedded Systems: An Efficient Algorithmic Approach. Springer Nature.

[7]

Amazon Web Services. 2021. Amazon EC2 F1 instances. Retrieved 2021-10-30 from https://aws.amazon.com/cn/ec2/instance-types/f1/

[8]

Brier et al. 2004. Correlation power analysis with a leakage model. In International workshop on cryptographic hardware and embedded systems. Springer, 16--29.

[9]

Gnad et al. 2017. Voltage drop-based fault attacks on FPGAs using valid bit-streams. In 2017 27th International Conference on Field Programmable Logic and Applications (FPL). IEEE, 1--7.

[10]

Gnad et al. 2018. Checking for electrical level security threats in bitstreams for multi-tenant FPGAs. In 2018 International Conference on Field-Programmable Technology (FPT). IEEE, 286--289.

[11]

Giechaskiel et al. 2019. Measuring long wire leakage with ring oscillators in cloud FPGAs. In 2019 29th International Conference on Field Programmable Logic and Applications (FPL). IEEE, 45--50.

[12]

Krautter et al. 2018. FPGAhammer: Remote voltage fault attacks on shared FPGAs, suitable for DFA on AES. IACR Transactions on Cryptographic Hardware and Embedded Systems (2018), 44--68.

[13]

Krautter et al. 2019. Active fences against voltage-based side channels in multi-tenant FPGAs. In 2019 IEEE/ACM International Conference on Computer-Aided Design (ICCAD). IEEE, 1--8.

[14]

Krautter et al. 2019. Mitigating electrical-level attacks towards secure multi-tenant FPGAs in the cloud. ACM Transactions on Reconfigurable Technology and Systems (TRETS) 12, 3 (2019), 1--26.

Digital Library

[15]

La et al. 2020. FPGADefender: Malicious Self-Oscillator Scanning for Xilinx UltraScale+ FPGAs. ACM Transactions on Reconfigurable Technology and Systems (TRETS) 13, 3 (2020), 1--31.

Digital Library

[16]

Luo et al. 2020. A quantitative defense framework against power attacks on multi-tenant FPGA. In 2020 IEEE/ACM International Conference On Computer Aided Design (ICCAD). IEEE, 1--4.

Digital Library

[17]

Luo et al. 2021. DeepStrike: Remotely-Guided Fault Injection Attacks on DNN Accelerator in Cloud-FPGA. arXiv preprint arXiv:2105.09453 (2021).

[18]

Moini et al. 2021. Remote power side-channel attacks on BNN accelerators in FPGAs. In Design, Automation & Test in Europe (DATE).

[19]

Pammu et al. 2017. Highly secured state-shift local clock circuit to countermeasure against side channel attack. In 2017 IEEE International Symposium on Circuits and Systems (ISCAS). IEEE, 1--4.

[20]

Provelengios et al. 2019. Characterizing power distribution attacks in multi-user FPGA environments. In 2019 29th International Conference on Field Programmable Logic and Applications (FPL). IEEE, 194--201.

[21]

Ravi et al. 2018. Ppap and ippap: PLL-based protection against physical attacks. In 2018 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). IEEE, 620--625.

[22]

Schellenberg et al. 2018. An inside job: Remote power analysis attacks on FPGAs. In 2018 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 1111--1116.

[23]

Schellenberg et al. 2018. Remote inter-chip power analysis side-channel attacks at board-level. In 2018 IEEE/ACM International Conference on Computer-Aided Design (ICCAD). IEEE, 1--7.

Digital Library

[24]

Srivastava et al. 2020. SOLOMON: An automated framework for detecting fault attack vulnerabilities in hardware. In 2020 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 310--313.

[25]

Yao et al. 2021. Programmable RO (PRO): A Multipurpose Countermeasure against Side-channel and Fault Injection Attack. arXiv preprint arXiv:2106.13784 (2021).

[26]

Zhao et al. 2018. FPGA-based remote power side-channel attacks. In 2018 IEEE Symposium on Security and Privacy (SP). IEEE, 229--244.

[27]

Stefan Tillich, Christoph Herbst, and Stefan Mangard. 2007. Protecting AES software implementations on 32-bit processors against power analysis. In International Conference on Applied Cryptography and Network Security. Springer, 141--157.

Digital Library

[28]

TVLA. 2021. Test Vector Leakage Assessment (TVLA) Derived Test Requirements (DTR) with AES. Retrieved 2021-10-30 from https://www.rambus.com/wp-content/uploads/2015/08/TVLA-DTR-with-AES.pdf

[29]

Yue Zha and Jing Li. 2020. Virtualizing fpgas in the cloud. In Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems. 845--858.

Digital Library

Cited By

Zhou QXie HSu T(2025)The Impact of Clock Frequencies on Remote Power Side-Channel Analysis Attack Resistance of Processors in Multi-Tenant FPGAsCryptography10.3390/cryptography90100159:1(15)Online publication date: 3-Mar-2025
https://doi.org/10.3390/cryptography9010015
Xu JZhang FJin WYang KWang ZJiang WHa Y(2025)A Deep Investigation on Stealthy DVFS Fault Injection Attacks at DNN Hardware AcceleratorsIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.342636444:1(39-51)Online publication date: Jan-2025
https://doi.org/10.1109/TCAD.2024.3426364
Aknesil CDubrova E(2024)Circuit Disguise: Detecting Malicious Circuits in Cloud FPGAs without IP Disclosure2024 27th Euromicro Conference on Digital System Design (DSD)10.1109/DSD64264.2024.00055(361-368)Online publication date: 28-Aug-2024
https://doi.org/10.1109/DSD64264.2024.00055
Show More Cited By

Recommendations

Security testing of a secure cache design
HASP '13: Proceedings of the 2nd International Workshop on Hardware and Architectural Support for Security and Privacy

Cache side channel attacks are attacks that leak secret information through physical implementation of cryptographic operations, nullifying cryptographic protection. Recently, these attacks have received great interest. Previous research found that ...
D-ward: source-end defense against distributed denial-of-service attacks
Defense Mechanisms Against DDoS Attacks in a Cloud Computing Environment: State-of-the-Art and Research Challenges
The salient features of cloud computing (such as on-demand self-service, resource pooling, broad network access, rapid elasticity, and measured service) are being exploited by attackers to launch the severe Distributed Denial of Service (DDoS) attack. ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

DAC '22: Proceedings of the 59th ACM/IEEE Design Automation Conference

July 2022

1462 pages

ISBN:9781450391429

DOI:10.1145/3489517

General Chair:
Rob Oshana
NXP

Copyright © 2022 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGDA: ACM Special Interest Group on Design Automation
IEEE CEDA

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 August 2022

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Funding Sources

National Key R&D Program of China
National Natural Science Foundation of China

Conference

DAC '22

Sponsor:

SIGDA

DAC '22: 59th ACM/IEEE Design Automation Conference

July 10 - 14, 2022

California, San Francisco

Acceptance Rates

Overall Acceptance Rate 1,770 of 5,499 submissions, 32%

Upcoming Conference

DAC '25

Sponsor:
sigda

62nd ACM/IEEE Design Automation Conference

June 22 - 26, 2025

San Francisco , CA , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
262
Total Downloads

Downloads (Last 12 months)53
Downloads (Last 6 weeks)11

Reflects downloads up to 01 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Zhou QXie HSu T(2025)The Impact of Clock Frequencies on Remote Power Side-Channel Analysis Attack Resistance of Processors in Multi-Tenant FPGAsCryptography10.3390/cryptography90100159:1(15)Online publication date: 3-Mar-2025
https://doi.org/10.3390/cryptography9010015
Xu JZhang FJin WYang KWang ZJiang WHa Y(2025)A Deep Investigation on Stealthy DVFS Fault Injection Attacks at DNN Hardware AcceleratorsIEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems10.1109/TCAD.2024.342636444:1(39-51)Online publication date: Jan-2025
https://doi.org/10.1109/TCAD.2024.3426364
Aknesil CDubrova E(2024)Circuit Disguise: Detecting Malicious Circuits in Cloud FPGAs without IP Disclosure2024 27th Euromicro Conference on Digital System Design (DSD)10.1109/DSD64264.2024.00055(361-368)Online publication date: 28-Aug-2024
https://doi.org/10.1109/DSD64264.2024.00055
Alsuwaiyan AHabib AImoukhuede AOmar MMaruf MAlqarni MEl-Maleh ATabbakh AFelemban MAzim A(2024)A Systematic Literature Review on Vulnerabilities, Mitigation Techniques, and Attacks in Field-Programmable Gate ArraysArabian Journal for Science and Engineering10.1007/s13369-024-09562-wOnline publication date: 23-Sep-2024
https://doi.org/10.1007/s13369-024-09562-w

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten